Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1605

Support IPsec via libreswan in nmstate

XMLWordPrintable

    • nmstate-2.2.21-1.el9
    • 1
    • rhel-sst-network-management
    • ssg_networking
    • 17
    • 1
    • False
    • Hide

      None

      Show
      None
    • Yes
    • NMT - RHEL 8.10/9.4 DTM 14
    • Hide
      • As a user I want to configure ipsec policies via nmstate so that communication with certain entities (such as NetApp storage device) is encrypted.
      • As a user I want to configure ipsec policies via nmstate so that all communication is encrypted.

      Acceptance Criteria

      A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

      • Verify using PSK
      • Verify using Certs
      • Verify on OCP SNO
      • Verify on OCP MNO
      • Verify with multiple policies
      • Verify with rightsub=0.0.0.0/0

      Definition of Done

      • The implementation meets the acceptance criteria
      • The unit tests and integration tests are written and passed
      • The code is part of a build attached to an errata
      • The code is backported to RHEL-9.2
      Show
      As a user I want to configure ipsec policies via nmstate so that communication with certain entities (such as NetApp storage device) is encrypted. As a user I want to configure ipsec policies via nmstate so that all communication is encrypted. Acceptance Criteria A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed. Verify using PSK Verify using Certs Verify on OCP SNO Verify on OCP MNO Verify with multiple policies Verify with rightsub=0.0.0.0/0 Definition of Done The implementation meets the acceptance criteria The unit tests and integration tests are written and passed The code is part of a build attached to an errata The code is backported to RHEL-9.2
    • Pass
    • Automated
    • Enhancement
    • Hide
      .Nmstate API configures VPN connection based on IPsec configuration

      The Libreswan utility is an implementation of IPsec for configuring VPNs. With this update, by using `nmstatectl`, you can configure IPsec-based authentication types along with configuration modes (tunnel and transport) and network layouts (`host-to-subnet`, `host-to-host`, `subnet-to-subnet`).
      Show
      .Nmstate API configures VPN connection based on IPsec configuration The Libreswan utility is an implementation of IPsec for configuring VPNs. With this update, by using `nmstatectl`, you can configure IPsec-based authentication types along with configuration modes (tunnel and transport) and network layouts (`host-to-subnet`, `host-to-host`, `subnet-to-subnet`).
    • Done
    • None

      Goal

      • As a user I want to configure ipsec policies via nmstate so that communication with certain entities (such as NetApp storage device) is encrypted.
      • As a user I want to configure ipsec policies via nmstate so that all communication is encrypted.

      these might happen both in cloud environments and on-prem as well as between cloud and on-perm over public internet.

      the request is originally related to OCP clusters with RHCOS.

      Acceptance Criteria

      A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

      • Verify using PSK
      • Verify using Certs
      • Verify on OCP SNO
      • Verify on OCP MNO
      • Verify with multiple policies
      • Verify with rightsub=0.0.0.0/0

              fge@redhat.com Gris Ge
              ykashtan Yuval Kashtan
              Jan Fiala
              Network Management Team Network Management Team
              Mingyu Shi Mingyu Shi
              Mayur Patil Mayur Patil
              Votes:
              0 Vote for this issue
              Watchers:
              18 Start watching this issue

                Created:
                Updated:
                Resolved: